Securing the Application Integration Framework
Since the Application Integration Framework (AIF) is by definition used to exchange data with outside parties or systems, security considerations are extremely important. The discussion below assumes that you have a working knowledge of AIF concepts and terms. For a discussion of concepts, see Using the Application Integration Framework (AIF) to integrate Microsoft Dynamics AX with external software systems.
For authorization purposes, each endpoint may be configured for one or more endpoint users, and, optionally, one or more trusted intermediaries. A trusted intermediary is a Microsoft Dynamics AX user configured on the form. This user represents an entity that you trust to submit documents to your Microsoft Dynamics AX system. For more information about configuring trusted intermediaries, see Configure an endpoint.
Endpoint users and trusted intermediaries are Microsoft Dynamics AX users or groups that are configured on the endpoint on the tab of the form. Only these authorized users are allowed to exchange documents and data on behalf of a particular endpoint.
For this discussion, the submitting user is defined as the user context of the process that submitted the message. The SourceEndpointUser is a field in the header of the message XML. During an inbound exchange, when a message arrives, AIF checks that the SourceEndpointUser matches the submitting user and, in turn, also matches the endpoint user. If both checks pass, the document was submitted by an internal Microsoft Dynamics AX user and is accepted. If the submitting user does not match the SourceEndpointUser on the message, the submitting user is checked against the trusted intermediary for the endpoint, if one exists. If the submitting user has been configured as a valid endpoint user or trusted intermediary, AIF accepts the inbound message.
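The inbound check described above can be modeled as a small decision function; this is an added example in Python, not AIF's own code. The account names, the simplified envelope, case-insensitive account comparison, and rejection of a message with no SourceEndpointUser are assumptions, and the relay branch checks only what the text states (the submitting user against the trusted intermediaries).

```python
import xml.etree.ElementTree as ET

# Constructed endpoint configuration (hypothetical account names).
ENDPOINT_USERS = {"contoso\\partner1"}
TRUSTED_INTERMEDIARIES = {"contoso\\biztalksvc"}

# Constructed, simplified message: only the header field named in the text is modeled.
SAMPLE_MESSAGE = """<Envelope><Header>
  <SourceEndpointUser>CONTOSO\\partner1</SourceEndpointUser>
</Header><Body/></Envelope>"""


def _norm(account):
    # Assumption: account names compare case-insensitively, as Windows accounts do.
    return account.strip().casefold()


def source_endpoint_user(message_xml):
    """Return the SourceEndpointUser header value, or None if absent or empty."""
    node = ET.fromstring(message_xml).find("./Header/SourceEndpointUser")
    if node is None or not node.text or not node.text.strip():
        return None
    return node.text


def authorize_inbound(message_xml, submitting_user, endpoint_users, trusted_intermediaries):
    """Return (accepted, reason) for one inbound message, following the checks above."""
    claimed = source_endpoint_user(message_xml)
    if claimed is None:
        # Assumption: a message that names no SourceEndpointUser is rejected.
        return False, "no SourceEndpointUser in header"
    claimed, submitter = _norm(claimed), _norm(submitting_user)
    users = {_norm(u) for u in endpoint_users}
    intermediaries = {_norm(u) for u in trusted_intermediaries}
    if submitter == claimed:
        # Direct submission: the claimed user must be configured on the endpoint.
        if claimed in users:
            return True, "endpoint user"
        return False, "SourceEndpointUser is not an endpoint user"
    # Submitter differs from the claimed user: only a trusted intermediary may relay.
    if submitter in intermediaries:
        return True, "trusted intermediary"
    return False, "submitter is neither SourceEndpointUser nor trusted intermediary"
```

The second return value records which branch decided the outcome, which is the detail worth logging when reviewing who is actually submitting on behalf of an endpoint.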
After endpoint users are configured on the endpoint, only those authorized endpoint users and trusted intermediaries are allowed to exchange documents and data through the framework on behalf of that particular endpoint.
The end result is that the framework ensures that messages are received from an endpoint user authorized to submit them on behalf of the endpoint. However, it is up to all applicable administrators to ensure that the authorized endpoint users and trusted intermediaries represent trusted entities, whether they are internal or external partners, other companies, or other applications.